BigPwnd 0.1

Captain_Noobius from hackforums.net has written a script for Australian users to aid in cracking BigPond/Telstra WPA/WPA2 networks. It may also work in other countries where Thomson and SpeedTouch routers are present.

It is to be used with BACKTRACK, Kali and other Ubuntu / Debian distros.

Features
Default WPA/WPA2 key calculator for Telstra mobile hotspots, i.e. the prepaid/postpaid 3G and 4G models including the MF60, MF61, MF70 and MF91. They can be identified by SSIDs such as TPP4G_123456, TEHS_123456, TEWM_123456, etc.

The script also has features for cracking the common wireless routers used in Australia. They can be identified by SSIDs such as
BigPondXXXX, BigPondXX, TEHS_XXXX, Wi-Fi 4G-XXXX, TPP-4G_XX

It should also give you the router's serial. From what I can see the password is generated in a similar way to the Thomson routers. It looks like it is derived from the serial with possibly SHA224 or SHA256.

Extract it

Code:


tar -xvzf BigPwnd.tar.gz

Make the setup script executable

Code:


chmod +x bigpwndSetup.py

Run it by typing

Code:


python bigpwndSetup.py

After it installs you can run the script from any terminal by simply typing:
bigpwnd

For the hotspot calculator, just enter the MAC address and get the WPA key.

The setup will make a directory:
/pentest/wireless/BigPwnd

Place the .cap files you want to crack here. One thing to note: the .cap file must be named exactly the same as the SSID, e.g. the handshake for BigPond1A2A3A must be named BigPond1A2A3A.cap.

The script gives you a menu from which you can either crack a saved handshake or use the wps2key attack. The wps2key attack is virtually instant against BigPond networks with a T782T router: it sends a packet to the router and receives the router's serial number as a reply, then converts that serial number to the WPA2 password.

The saved handshake cracking option is also successful, depending on the network you got the handshake from. If you have a handshake from a TEHS_XX network it will crack it in under 10 seconds. Likewise certain BigPondXXXX networks can be cracked in the same time, although some BigPondXXXX networks use a 2Wire router, in which case the script switches to a 10-digit brute-force attack. That could take a while depending on how fast your PC is.

If you use my bigpwnd script and select the wps2key option it should return the serial in the terminal. You will see an output similar to this:

So you should see the serial number appear next to the Serial Number column.

Routers with the SSID TEHS_XX use a default WPA passphrase based on the MAC address of the router. BigPwnd grabs that MAC address from the capture file, appends it to the output of crunch, and within seconds you have cracked the password.

Likewise, routers with an SSID of BigPondXXXX can be one of a couple of models: either a 2Wire, an N3G9W, or maybe something else. BigPwnd determines the router from the MAC address contained in your handshake capture and runs crunch with aircrack using the best method for that model.

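The two things BigPwnd needs from a saved handshake, per the description above, are the SSID (which the .cap file must be named after) and the router's MAC address (BSSID), from which it picks a crack strategy. The following is an added example, not BigPwnd's own code, showing how to pull SSID/BSSID pairs out of the beacon frames in a pcap-format .cap file, verify the file-naming rule, and classify the network by the SSID prefixes listed in the post. The sample capture bytes are constructed inline; the key-derivation and crunch patterns themselves are not on this page and are not reproduced.

```python
"""Extract SSID/BSSID pairs from beacon frames in a .cap and classify by SSID prefix.

Added example (not BigPwnd's code). Sample capture data is constructed below.
"""
import os
import struct
from typing import Dict, List, Optional, Tuple

DLT_IEEE802_11 = 105        # raw 802.11 frames
DLT_IEEE802_11_RADIO = 127  # 802.11 frames preceded by a radiotap header

# SSID prefixes named in the post (the router family is decided separately
# from the BSSID; this only tells you which family the SSID belongs to).
SSID_PREFIXES = ("BigPond", "TEHS_", "TEWM_", "TPP4G_", "TPP-4G_", "Wi-Fi 4G-")


def parse_pcap(data: bytes) -> Tuple[int, List[bytes]]:
    """Return (linktype, [packet bytes, ...]) for a classic libpcap file."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    packets, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl_len]
        if len(pkt) != incl_len:
            raise ValueError("truncated packet record")
        packets.append(pkt)
        off += incl_len
    return linktype, packets


def dot11_frame(pkt: bytes, linktype: int) -> Optional[bytes]:
    """Strip a radiotap header if present and return the bare 802.11 frame."""
    if linktype == DLT_IEEE802_11:
        return pkt
    if linktype == DLT_IEEE802_11_RADIO and len(pkt) >= 4:
        rt_len = struct.unpack("<H", pkt[2:4])[0]  # radiotap length is little-endian
        return pkt[rt_len:]
    return None  # other link types are not 802.11 captures


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def parse_beacon(frame: bytes) -> Optional[Tuple[str, str]]:
    """Return (ssid, bssid) for a beacon frame, None for any other frame."""
    # Frame control byte 0: bits 2-3 type (0 = management), bits 4-7 subtype (8 = beacon).
    if len(frame) < 36 or (frame[0] & 0xFC) != 0x80:
        return None
    bssid = mac_str(frame[16:22])  # addr3 carries the BSSID in a beacon
    body = frame[36:]              # skip 24-byte MAC header + 12 bytes of fixed params
    pos = 0
    while pos + 2 <= len(body):    # walk the tagged parameters
        tag, ln = body[pos], body[pos + 1]
        val = body[pos + 2:pos + 2 + ln]
        if len(val) < ln:
            break                  # truncated element; stop rather than misparse
        if tag == 0:               # element ID 0 = SSID
            return val.decode("utf-8", errors="replace"), bssid
        pos += 2 + ln
    return None


def networks_in_capture(data: bytes) -> Dict[str, str]:
    """Map every SSID seen in beacons to the first BSSID that advertised it."""
    linktype, packets = parse_pcap(data)
    nets: Dict[str, str] = {}
    for pkt in packets:
        frame = dot11_frame(pkt, linktype)
        hit = parse_beacon(frame) if frame is not None else None
        if hit:
            nets.setdefault(hit[0], hit[1])
    return nets


def classify_ssid(ssid: str) -> Optional[str]:
    """Return the matching prefix from the post's list, or None if unknown."""
    return next((p for p in SSID_PREFIXES if ssid.startswith(p)), None)


def bssid_for_capture(path: str, data: bytes) -> str:
    """Enforce the rule that the .cap is named after the SSID; return its BSSID."""
    want = os.path.splitext(os.path.basename(path))[0]
    nets = networks_in_capture(data)
    if want not in nets:
        raise ValueError(f"{path!r} is not named after an SSID in it: {sorted(nets)}")
    return nets[want]


# --- constructed sample data (not a real capture) ---
def build_beacon(ssid: str, bssid: bytes) -> bytes:
    hdr = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)  # timestamp, interval, capability
    raw = ssid.encode()
    return hdr + fixed + bytes([0, len(raw)]) + raw


def build_pcap(frames: List[bytes], linktype: int = DLT_IEEE802_11, prefix: bytes = b"") -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        pkt = prefix + f
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out


DATA_FRAME = b"\x08\x00" + b"\x00" * 40  # a non-beacon frame that must be ignored
SAMPLE_CAPTURE = build_pcap([
    build_beacon("TEHS_1A2B", bytes.fromhex("001122334455")),
    DATA_FRAME,
    build_beacon("BigPond1A2A3A", bytes.fromhex("aabbccddeeff")),
])
# Same frames behind a minimal 8-byte radiotap header (version 0, length 8, no fields).
RADIOTAP_CAPTURE = build_pcap([build_beacon("TEHS_1A2B", bytes.fromhex("001122334455"))],
                              DLT_IEEE802_11_RADIO, b"\x00\x00\x08\x00\x00\x00\x00\x00")

if __name__ == "__main__":
    for ssid, bssid in networks_in_capture(SAMPLE_CAPTURE).items():
        print(f"{ssid:16} {bssid}  family={classify_ssid(ssid)}")
```

Run against a real airodump-ng capture by replacing SAMPLE_CAPTURE with the file's bytes; if `bssid_for_capture` raises, the .cap is not named after the SSID it holds, which is exactly the condition the post warns about.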